Missing package dependancies added.
A missing "config" parameter for qemu-nbd based seeding
method added.
A new seeding method utilising Cloud-init added.
The qemu-nbd based method is still a default method
for backward compatibility.
To enable cloud-init, set the "seed" parameter on
a cluster or node level to "cloud-init".
To disable seeding, set this parameter to "false".
Setting this parameter to "true" will default to
the "qemu-nbd" method.
Salt Minion config file will be created automatically
and may be overrided via cluster or node level
metadata:
salt:
control:
cluster:
mycluster:
seed: cloud-init
cloud_init:
user_data:
salt_minion:
conf:
master: 10.1.1.1
or for qemu-nbd case:
salt:
control:
cluster:
mycluster:
seed: true
config:
host: 10.1.1.1
That may be useful when Salt Master has two IPs in
different networks and one of the networks isn't accessible
from a VM at the moment it's created. Setting a reachable
Salt master IP from metadata helps avoid potential problems.
Also, a liitle optimization has been done to parse/dump
an libvirt XML only once while modifying it.
Change-Id: I091cf409cb43ba2d0a18eaf2a08c11e88d0334e2
Closes-Bug: PROD-22191
Add TCP keepalive configuration options [1] to the list of accepted
minion config keys.
[1] https://docs.saltstack.com/en/latest/ref/configuration/minion.html
Change-Id: If80083fc793b86147b3691216dea571ea2cf0858
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Spawning AArch64 VMs using salt.control.virt requires a few extra
domain configuration items to be configurable:
- libvirt xml: pass loader param to vm
Based on upstream commit [1].
- libvirt xml: pass virt machine type
- libvirt xml: pass cpu mode to vm
- virt module: Allow NVRAM unlinking on DOM undefine
UEFI-enabled VMs usually have pflash (NVRAM) devices attached,
which require one additional libvirt flag to be passed at 'undefine'.
This is usually the case for AArch64 (arm64) VMs, where AAVMF (AA64
UEFI) is the only supported guest bootloader.
[1] https://github.com/saltstack/salt/commit/9cace9adb
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
The metadata will be used to get list of enabled applications
that implement formula based upgrades.
Change-Id: Ibc368d993aa1c3c8715598513467da78792c752b
By default salt minion meta files are created with wide
permissions.
This makes OS tokens, keystone credentials unprotected.
Patch fixes this.
Prod-Related: CEEMCP-13 unprotected keystone credentials
Customer-Found
Change-Id: I18283cff4aec795e0656b7b3519381792e8a6e54
Salt (ca.sls) supports generation a few CA.cert but it works incorrectly.
When we generate a few ca.cert, salt must upload it to mine. But it overwrites previous ones.
Related-Prod: PROD-21740
Change-Id: I60f1089cc58758d3be65371deaaa69348fde86a4
The patch adds _orchestrate.conf file to salt minion
configuration. Its template searches for "/meta/salt.yml"
file across all installed formulas and parses them if found.
As of now config will contain following data, e.g.:
orchestration:
deploy:
applications:
cinder:
priority: 150
keystone:
priority: 100
Application priorities will be used later for salt deploy
orchestration
Change-Id: I56b0d15e5a13ca4975d98b9675991f84885120e6
Related-PROD: PROD-19973
The conflicting ID is 'libvirt_service' and is found in SLS:
- libvirt.server.service
- salt.control.virt
Change-Id: Ibb0b6f0a574a53f1cb8517a9fe0d7f0febb07bb3
The patch adds ability to configure REDIS as cache
backed for salt-master to be used as distibuted cache
further.
Change-Id: I62a29713c23ad3f591f6e937bfc5b13eba92f402
Related-PROD: PROD-20581
When proxy parameter was defined and host is empty string, salt is complaining with warning. With this patch when host is empty parameters are not used.
Change-Id: I11150e5f141182d5934564611d6c39b2b379b5e9
[Fix] Doc
Issue: - It is not possible to pass [R]andom [N]umber [G]enerator
device to libvirt guest xml in order to control entropy.
- Doc has no information on how to provision vms using salt
Solution: - Pass rng parameters via kwargs from node: pillar
Attach rng xml object to generated xml.
- Provide with an example
Prod-Related: PROD-19214
Customer-Found
Change-Id: Iea111f2d927edf46f06bb7ccfad06d37b752fba9
Our formula strictly rely on cherrypy framework when running salt API.
This patch adds that dependency to api packages as when installing
recommended is disabled it won't be installed by default.
Change-Id: I12d9368b17f2d0bc33dded2d1a9c8abd9bfcd0b1
Related-Prod: PROD-18105
salt-minion started via upstart is not using /etc/environment to
source variables therefore is not using system wide http_proxy parameters if
they are set there. With this patch if salt.minion.env_vars is set to engine:
file salt will set envvars in /etc/default/salt-minion and will use them for
all commands executed remotely via salt. Since /etc/default is not used on
systems with systemd override for salt-minion to use /etc/environmnet will be
set.
Change-Id: Icfe122de2486a83820a0bd2e2aeea4be3796c6aa
Closes-bug: PROD-16676
The patch deletes deprecated cmd.run function which actually
was defined in salt 2016 as alias for cmd.shell therefore this
change supports backward compatibility.
Change-Id: I47eae0b8ee45ca1a1a9b3e8e544c893614573fda
Related-PROD: 17056
The patch fixes the issue when reclass adapter crashes if a new node
is tried to register in reclass metadata with reactor/runner mechanism.
This actually happens because of merged PR https://github.com/saltstack/salt/pull/15881 so
ID of master is chnaged to <NODE_NAME>_master https://github.com/saltstack/salt/blame/2017.7/salt/config/__init__.py#L3584
thats why runner modul can't fine the node and crashes.
Change-Id: I12b59db72d58d5b9d09cbd454201a75366545779
Related-PROD: PROD-17051